Lucene search
Haboob Team1337DAY-ID-31153HistorySep 24, 2018 - 12:00 a.m.
Joomla CW Article Attachments 1.0.6 - id SQL Injection Vulnerability
2018-09-2400:00:00
Haboob Team
0day.today
30
EPSS
0.005
Percentile
76.4%
Exploit for php platform in category web applications
# Exploit Title: Joomla! CW Article Attachments 1.0.6 - 'id' SQL Injection
# Exploit Author: Haboob Team
# Software Link: https://extensions.joomla.org/extension/cw-article-attachments/
# Version: below < 1.0.6
# CVE : CVE-2018-14592
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14592
# 1. Description
# The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments
# FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
# 2. Proof of Concept
http://IP-ADDRESS/plugins/content/cwattachments/cwattachments/helpers/download.php?id=INJECTION&sid=0123456789987654321
# 0day.today [2018-09-24] #Related
prion
prion
Sql injection
2018-09-20 20:29:00
packetstorm
packetstorm
Joomla CW Article Attachments 1.0.6 SQL Injection
2018-09-24 00:00:00
exploitdb
exploitdb
cve
cve
CVE-2018-14592
2018-09-20 20:29:00
cvelist
cvelist
CVE-2018-14592
2018-09-20 20:00:00
exploitpack
exploitpack
Joomla! Component CW Article Attachments 1.0.6 - id SQL Injection
2018-09-24 00:00:00
nvd
nvd
CVE-2018-14592
2018-09-20 20:29:00